Question
Check how long the kube-apiserver server certificate is valid on cluster2-master1.
Do this with openssl and write the expiration date to /opt/course/22/expiration.
Also run the correct kubeadm command to list the expiration dates and confirm both methods show the same date.
Write the correct kubeadm command that would renew the apiserver certificate into /opt/course/22/kubeadm-renew-certs.sh
Answer
SSH to the node:
ssh cluster2-master1
Display api-server manifest and grep it for crt:
cat /etc/kubernetes/manifests/kube-apiserver.yaml |grep crt
the target file would be /etc/kubernetes/pki/apiserver.crt.openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text|grep -i validity -A2
Place the output to the /opt/course/22/expiration:
Not After : Oct 5 21:25:30 2025 GMT
To check the same with kubeadm:
kubeadm certs check-expiration
Renew certs task:
kubeadm certs renew api-server
echo "kubeadm certs renew api-server" > /opt/course/22/kubeadm-renew-certs.sh
Test renewal:
bash /opt/course/22/kubeadm-renew-certs.sh
kubeadm certs check-expiration